IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.3

CPE Details

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.3
ibm
engineering_lifecycle_optimization_-_engineering_insights
7.0.3
2025-04-24
11h48 +00:00
2025-04-24
11h48 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.3:-:*:*:*:*:*:*

Informations

Vendor

ibm

Product

engineering_lifecycle_optimization_-_engineering_insights

Version

7.0.3

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-39727 2024-12-25 13h59 +00:00 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
9.8
Critical
CVE-2024-39725 2024-12-25 13h56 +00:00 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
5.3
Medium
CVE-2024-39726 2024-11-15 16h13 +00:00 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
8.2
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.